Monthly Archives: November 2016

It’s the stuff of science fiction: an artificial intelligence judges the merits of a court case and reaches a verdict. We are now one step closer to that being a reality. Researchers have created an artificial intelligence system that has accurately predicted the outcomes of many cases heard at the European Court of Human Rights (ECHR). Out of 584 cases, the system had a success rate of 79% where it correctly decided whether there had been a Human Rights’ violation or not.

The project was carried out by researchers at University College London and the universities of Sheffield and Pennsylvania. The method consisted of automatically analyzing case text using a machine learning algorithm. For the learning phase, equal amounts of cases with violations and without violations were used. In developing the method, the team found that judgements by the ECHR are highly correlated to non-legal facts rather than directly legal arguments, suggesting that judges of the Court are, in the jargon of legal theory, ‘realists’ rather than ‘formalists’.

The most reliable factors for predicting the court’s decision were found to be the language used, as well as the topics and ‘circumstances’ mentioned in the case text. The ‘circumstances’ section of the text includes information about the factual background to the case.

The team identified English language data sets for 584 cases related to three articles of the Convention on Human Rights:

By combining the information extracted from a) the abstract ‘topics’ that the cases cover and b) the ‘circumstances’ across data for all three articles, an accuracy of 79% was achieved.

The 21% of cases where the prediction was not correct involved situations where there were similar cases but with different outcomes. This could be an indication that in those cases, the finer subtleties of the law were missed by the artificial intelligence.

One of the key researchers, Dr Nikolaos Aletras, who led the study at UCL, said the following about using AI to predict cases: ‘We don’t see AI replacing judges or lawyers, but we think they’d find it useful for rapidly identifying patterns in cases that lead to certain outcomes. It could also be a valuable tool for highlighting which cases are most likely to be violations of the European Convention on Human Rights.’

Given the huge numbers of cases that the ECHR’s legal staff has to consider every year, the program could indeed prove very useful: in 2015, e.g., the court had to process 40,650 applications for a hearing, while in 2014 it processed 56,200 cases.

It is easy to see how such programs could benefit law firms as well. Having intelligent software at your office to predict the outcome of a case would offer a clear and objective view of the strengths and weaknesses of your case and argumentation. This could then help devise a different argumentation if necessary. Alternatively, it could help avoiding the costs of litigation if similar cases were not considered ‘winnable’.

Does this mean lawyers or judges should start fearing for their jobs? No, it doesn’t. The program still misses the finer subtleties of the law. As Dr Aletras pointed out, it is meant as a tool to assist, not to replace. In the long run, though, it could result in lawyers and judges dealing with more complex or specialized cases, while the processing of simpler cases gets more automated.

It shouldn’t come as a surprise that in an online world, cybercrime is on the rise. Not a week goes by without some cybercrime event in the headlines. So, we thought it would be a good idea to have some articles on cybersecurity. In this article, we will focus on cyberattacks, and more specifically on security breaches. Criminal security breaches typically happen for one of two purposes: hackers break into your system to either steal (and sell) your data, or to hold them for ransom by encrypting them with keys only they have.

Lawyers are not exempt from this risk, on the contrary. Because of all the sensitive data they store, law firms are appealing targets for hackers. A survey in the US taught that 80% of law firms have already been hacked at some stage. (The reporter writing the article suggested that the other 20% was either unaware, or lying about it).

Lawyers keep a lot of sensitive information on their clients. Because of the attorney-client privilege, they have an obligation to secure and protect that privileged information and data breaches erode the foundation of that attorney-client privilege. Data breaches can lead to fines, to law suits for malpractice and/or other damages, and to a loss of clientele. It is therefore important to take appropriate measures.

Now, typically, storing your information in the cloud is considered more secure and cheaper, as a) the hosting company will have all the know-how in-house, and b) the cost of security is shared, as it is spread over the different customers. But one must keep in mind that with a cloud solution, because it is always accessible, from anywhere, by anyone, at any time, that each additional user and each additional device increase the risk of a data breach. Most security breaches in the cloud are due, not to poor security on the host’s side, but to insecure devices or insecure behaviour by the users.

A recent example comes to mind. A firm in the US asked a security expert to test their security. It took him only 20 minutes to gain access to their data, with administrator privileges. How did he do it? He first looked for staff members on professional social media. Then he checked whether any of their accounts on social media or with other online service providers had ever been hacked. (You may remember the Yahoo or LinkedIn hacks, e.g., where data of millions of users were put online). Within minutes he found that an account of an administrator had been hacked, and that his login credentials were available online. When he tried to use the same credentials (user-id and password) to gain access to the law firm’s data, his attempt was successful. The weak link in the otherwise fairly secure setup was that a user was still using a password he had used before in an online account that had been hacked.

One of the most common cause of data breaches is the use of insecure devices. Laptops, tablets and phones are prime targets for thieves. Yet, many lawyers still store unencrypted client data on a laptop or on a mobile device.

So, is your firm secure? What can you do to increase security? Here are some suggestions:

Install intrusion detection and prevention systems, and enterprise-grade firewalls, not just on your servers but also on desktops and laptops. After all, gaining access to one device is enough to gain access to the information.

Enable encryption on all devices, including on mobile devices like phones, tablets and laptops.

Encryption should also be used for all communications between the devices.

In part 1 of our legal case management software checklist we focused on the essential functionality that your software solution should provide. In part 2, we first pay attention to some optional modules and functionality that can be valuable for your firm. We will conclude with some general considerations with regard to the service providers and the services they provide.

Most service provides offer a range of additional modules, which often focus on specialized tasks, and therefore are optional. The reporting capabilities of a package are sometimes included and other times optional. They usually give a good insight in the maturity of the product. Further modules may focus on firm management, productivity, or logistics. Larger law firms will also be interested in knowledge management and data mining.

If your firm specializes in certain fields of activity, like, e.g. debt collection and recovery, mergers and acquisitions, liquidations, etc., special modules may be available that are specifically designed for those purposes. Sometimes other service providers offer such extended functionality, and you may have to work with more than one service provider.

If you are planning to use software solutions by other service providers, you must investigate whether these can be integrated in, or at least communicate with, your chosen software solution. We already gave the examples of third-party accounting software and optional specialized modules, but it also applies to more common scenarios. Most firms use Microsoft’s Office 365. And many people rely on either Gmail and Google Calendar, or on Outlook and/or Exchange for their email and calendar. If this applies to you, you will want a solution that offers a seamless integration with these applications as well.

These days, many companies use public cloud services (DropBox, Onedrive, Google Drive, etc.) for a number of reasons: to share documents or collaborate on them, to make backups of their data, etc. Does your software solution provide an integration with these services?

Security and Data are also important considerations. Does the software provide an easy user and permissions management solution with different levels of access? Are the data encrypted? Are email communications encrypted? Can the data be easily imported and exported? If you are looking at a cloud solution where the service provider hosts your data, what rights do you and the service provider have to the data? Can the service provider keep your data if you default on your payments, e.g.?

Thus far, we have given an overview of functionality requirements for your checklist. There are other important considerations, too. Apart from the functionality, you have to look at the User Experience (UX), e.g.: How intuitive and easy to use is the software? How are support and training organized? Are there manuals, tutorials, webinars or podcasts? When can the support desk be contacted and in what ways (phone, email, live chat, remote access, …)? The price, too, is of course an important consideration. Are there any hidden costs or costs that will increase over time? What about upgrades: what is the frequency, what are the conditions and what is the cost? Does the provider offer you a free trial period, and if so, for how long?

Last but not least, it is always a good practice to investigate to investigate the service providing company itself. What experience does it have in the field? How is its viability as a service provider?